From owner-freebsd-security Wed Sep 30 23:07:35 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id XAA21369 for freebsd-security-outgoing; Wed, 30 Sep 1998 23:07:35 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from well.key.net.au (well.key.net.au [203.35.4.19]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id XAA21256; Wed, 30 Sep 1998 23:06:36 -0700 (PDT) (envelope-from keith@well.key.net.au) Received: (from keith@localhost) by well.key.net.au (8.8.8/8.8.8) id QAA21245; Thu, 1 Oct 1998 16:05:44 +1000 (EST) (envelope-from keith) Message-ID: X-Mailer: XFMail 1.3 [p0] on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit MIME-Version: 1.0 In-Reply-To: Date: Thu, 01 Oct 1998 16:05:32 +1000 (EST) Reply-To: keith@apcs.com.au Organization: Australia Power Control Systems P/L From: Keith Anderson To: Alejandro Galindo Chairez AGALINDO Subject: RE: Firewall with 2 NIC and a NET class C Cc: freebsd-security@FreeBSD.ORG, questions@FreeBSD.ORG Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Alejandro I have a netmask table I made some time ago. Hope it helps http://www.key.net.au/keith/netmask/netmask.html Keith ANderson On 01-Oct-98 Alejandro Galindo Chairez AGALINDO wrote: > Hello! > > I have a network class C (conected to Internet), some hackers are > cracking my server and i need to install a firewall. > > I have 2 xl NIC's (xl0 and xl1), but i dont know how will be the > rc.firewall configuration and how i can protect all my network for outside > attacks. > > In the rc.firewall i use the "simple" firewall type, but i dont > understand how i can divide my network class C in 2 networks (with a mask > 255.255.255.128 sample). > > I need to have real internet ip's in the 2 NIC's becouse i want to > protect my WWW and e-mail servers. > > Here is a sample of what i have and what i need: > > INTERNET > | > | > My router (208.195.117.2) > | > | > ----------------------- (network class C 208.195.117.*) > | | | > | | | > WWW server email server and PCs > 208.195.117.11 208...12 208...13 (sample) > > > > I need to protect all my network and i think the solution can be: > > INTERNET > | > | > ROUTER (208.195.117.2) > | > | maybe mask 255.255.255.128 > FIREWALL (208.195.117.14) xl0 (first NIC) > | > | 208.195.117.129 xl1 (second NIC) of the firewall > ------------------------ > | | | maybe mask 255.255.255.128 > | | | > WWW server email server PC's ... > 208.195.117.130 208...131 208...132 etc > > Please i need help i how to plain the network and how to indicate the > rules in the rc.firewall > > Iam desesperate becouse my network is attacked. > > Thanks in advanced > > Alejandro Galindo > > > ---------------------------------------------------------------------------- >| , , | >| /( )` | >| \ \___ / | | >| /- _ `-/ ' | >| (/\/ \ \ /\ | >| ExSoCom Dgo. MEXICO / / | ` \ | >| O O ) / | | >| `-^--'`< ' | >| (_.) _ ) / | >| Alejandro Galindo `.___/` / | >| Tel: (52 18) 179177 `-----' / | >| Fax: (52 18) 185155 <----. __ / __ \ | >| <----|====O)))==) \) /==== | >| e-mail alejandro.galindo@exsocom.com.mx <----' `--' `.__,' \ | >| | | | >| http://www.exsocom.com.mx \ / /\| >| ______( (_ / \______/ | >| ,' ,-----' | | >| a FreeBSD ISP `--{__________) | > ---------------------------------------------------------------------------- > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message ---------------------------------- E-Mail: Keith Anderson Date: 01-Oct-98 Time: 16:01:41 "Don't trouble trouble until trouble troubles you!" This message was sent by XFMail ---------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message